Black Box LES110BA, LES1116A, LES1132A, LES114BA, LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2, LES1308A, LES1316A, LES1332A, LES1348A, LES1408A, LES1416A, LES1432A, LES144BA, Value-Line and Advanced Console Servers 9.2 PAM (Pluggable Authentication Modules)

Note: Kerberos is very sensit i ve to time differe nces between the Key Distribution Center (K DC)

authentication serv er and the client device. Please make sure that NTP is enabl ed, and the time

zone is set correctly on the console server.

When authenti cat i ng against Active Directory, the Kerbero s Realm will be the dom ain name, and the

Master KDC will be the addre ss of the primary domain controller.

9.1.12 Authentication testing

The Authentication Testing option enables the connection to the remote aut hentication server to be

tested.

9.2 PAM (Pluggable Authentication Modules)

The console server supports RADIUS, TACACS+, and LDAP for two-factor authentication via PAM

(Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating users. Nowadays, a

number of new ways of authenticating users have become popular. The challenge is that each time a

new authentication scheme is developed, you need to rewrite all the necessary programs (login, ftpd,

etc.) to support it.

PAM provides a way to develop programs that are independent of authentication scheme. These

programs need “authentication modules” to be attached to them at run-time in order to work. Which

authentication module is attached depends on the local system setup and is at the discretion of the local

Administrator.

The console server family supports PAM with the following modules added for remote authentication:

RADIUS - pam_radius_auth (http://www.freeradius.org/pam_radius_auth/)

_____________________________________________________________________

724-746-5500 | blackbox.com Page 175

Contents

Main BL A C K B OX Value-Line and Advanced Console Servers Users Manual Securely manage data center and network equipment from anywhere in the world. Page Page Page 724-746-5500 | blackbox.com 724-746-5500 | blackbox.com Page 5 Instrucciones de Seguridad (Normas Oficiales Mexicanas Electrical Safety Statement) INDEX _____________________________________________________________________ _____________________________________________________________________ Page Page Page Page APPENDIX Chapter 1 Introduction INTRODUCTION This Manual Manual Organization Types of users Management Console _____________________________________________________________________ Manual Conventions Note Text presented like this indicates issues t o note. Publishing history _____________________________________________________________________ Page Copyright Notice to Users Memory Chapter 2 Installation INSTALLATION Introduction To avoid physical and electrical hazards please read Appendix C on Safety. Page Page 2.2 Power connection Page 2.3 Network connection 2.4 Serial Port connection 2.5 USB Port Connection _____________________________________________________________________ 2.6 Antenna and SIM Chapter 3 Initial System Configuration SYSTEM CONFIGURATION Introduction 3.1 Management console connection Page Page 3.2 Administrator Password Note If you are not confident t hat your consol e server has the current firmwar e release, you can Note The System Name can contain from 1 to 64 alphanumeric characters (however you can also use 3.3 Network IP address _____________________________________________________________________ Page Page 3.4 System Services 3.4.1 Service Access _____________________________________________________________________ Page 3.5 Communications Software 3.6 Management network configuration Page Page Page Page Page Page Page Chapter 4 Serial Port, Host, Devi ce & Use r Confi guration SERIAL PORT AND NETWORK HOST Introduction 4.1 Configure Serial Ports Page Page Page Page Page Page Page Page _____________________________________________________________________ 4.2 Add/ Edit Users Note: _____________________________________________________________________ Page Note _____________________________________________________________________ 4.3 Authentication 4.4 Network Hosts 4.5 Trusted Networks 4.6 Serial Port Cascading Page Page Page 4.7 Serial Port Redirection 4.8 Managed Devices _____________________________________________________________________ 4.9 IPsec VPN LES1308A, LES1316A, LES1332A, LES1348A,LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 _____________________________________________________________________ 4.9.1 Enable the VPN gateway 4.10 OpenVPN 4.10.1 Enable the OpenVPN _____________________________________________________________________ 4.10.2 Configure as Server or Client _____________________________________________________________________ 4.10.3 Windows OpenVPN Client and Server set up _____________________________________________________________________ Page Page 4.11 PPTP VPN Page Page Page Chapter 5 Firewall, Failover and OoB Dial Access FIREWALL, FAIL OV ER A ND OoB DIAL-IN Introduction 5.1 OoB Dial-In Access Page Page Page Note 5.2 OoB broadband access _____________________________________________________________________ 5.3 Broadband Ethernet Failover 5.4 Dial-Out Failover Page Page Page Before activating over the air, you will need to found on the white label on the underside of the console server. Page 5.7 Cellular Operation _____________________________________________________________________ Page 5.8 Firewall & Forwarding Page Page Note _____________________________________________________________________ Page Page Page Chapter 6 Secure SSH Tunneling & SDT Connector SECURE SSH TUNNELING A ND SDT CONNECT OR 6.1 Configuring for SSH Tunneling to Hosts 6.2 SDT Connector Client Configuration Note Note _____________________________________________________________________ Note _____________________________________________________________________ Page Page Page Page Page Page Page 6.3 SDT Connector to Management Console 6.4 SDT Connector - telnet or SSH connect to serially attached devices Page 6.5 Using SDT Connector for out-of-band connection to the gateway 6.6 Importing (and exporting) preferences 6.7 SDT Connector Public Key Authentication 6.8 Setting up SDT for Remote Desktop access Page Page Note The Remote Desktop Co nnection software is pre-installed with Windows XP, Vista and Server _____________________________________________________________________ Page 6.9 SDT SSH Tunnel for VNC Note To make VNC faster, whe n you set up the Viewer: _____________________________________________________________________ Page Note For general background reading on Remote Desktop and VNC access we recommend the 6.10 Using SDT to IP connect to hosts that are serially attached to the gateway _____________________________________________________________________ Page Page Page _____________________________________________________________________ 6.11 SSH Tunneling using other SSH clients (e.g. PuTTY) Page Note How secure is VNC? VNC access generally allows access to your whole computer, so security is _____________________________________________________________________ Chapter 7 Alerts, Auto-response and Logging ALERTS AND LOGGI NG This chapter describes server. 7.1 Configure Auto-Response Page 7.2 Check Conditions _____________________________________________________________________ Page Page 7.3 Trigger Actions _____________________________________________________________________ Page Page Page Page Page 7.6 Logging Page Page Chapter 8 POWER & ENVIRONMENTAL MANAGEMENT Introduction 8.1 Remote Power Control (RPC) _____________________________________________________________________ Page Page Enter the Username and Password used to login into the RPC (Note that these login credentials _____________________________________________________________________ 8.2 Uninterruptible Power Supply Control (UPS) Page Page Page Page Page Page Page Page 8.3 Environmental Monitoring Page Page Page Chapter 9 Authentication AUTHENTICATION Introduction 9.1 Authentication Configuration Page _____________________________________________________________________ Page Page Page 9.1.7 Remote groups with RADIUS authentication 9.1.8 Remote groups with LDAP authentication Page Select Serial and Net work: Au thentication _____________________________________________________________________ 9.2 PAM (Pluggable Authentication Modules) Page 9.3 SSL Certificate Page Page Chapter 10 Nagios Integration NAGIOS INTEGRATION Page Page Page 10.3 Configuring Nagios distributed monitoring Select System: Nagios and check NSCA Enabled. _____________________________________________________________________ 10.4 Advanced Distributed Monitoring Configuration Page Page Page Page Page Page Page Chapter 11 System Management SYSTEM MANAGEMENT Introduction 11.1 System Administration and Reset 11.2 Upgrade Firmware 11.3 Configure Date and Time 11.4 Configuration Backup Page Note _____________________________________________________________________ 11.5 Delayed Configuration Commit Note _____________________________________________________________________ 11.6 FIPS Mode Note Not _____________________________________________________________________ Chapter 12 Status Reports STATUS REPORTS Introduction 12.1 Port Access and Active Users 12.2 Statistics 12.3 Support Reports 12.4 Syslog 12.5 Dashboard Note: _____________________________________________________________________ Page 12.5.2 Creating custom widgets for the Dashboard _____________________________________________________________________ Chapter 13 Management MANAGEMENT Introduction 13.1 Device Management 13.2 Port and Host Logs Page Page Chapter 14 Command Line Configuration CONFIGURATION FROM THE COMMAND LINE Introduction 14.1 Accessing config from the command line The config tool _____________________________________________________________________ Page 14.2 Serial Port configuration Page Page 14.3 Adding and Removing Users 14.4 Adding and removing user Groups 14.5 Authentication 14.6 Network Hosts 14.7 Trusted Networks 14.8 Cascaded Ports _____________________________________________________________________ 14.9 UPS Connections 14.10 RPC Connections 14.11 Environmental 14.12 Managed Devices 14.13 Port Log 14.14 Alerts Page 14.15 SMTP & SMS 14.16 SNMP 14.17 Administration 14.18 IP settings 14.19 Date & Time Settings 14.20 Dial-in settings 14.21 DHCP server 14.22 Services 14.23 NAGIOS Chapter 15 Advanced Configuration ADVANCED CONF IGURATION Introduction 15.1 Custom Scripting Page Page Page Page Page Page Page Page 15.2 Advanced Portmanager Page 15.3 Raw Access to Serial Ports 15.4 IP- Filtering 15.5 Modifying SNMP Configuration Page 15.6 Secure Shell (SSH) Public Key Authentication Page Page Page Page Page Page Page Page 15.7 Secure Sockets Layer (SSL) Support 15.8 HTTPS 15.9 Power Strip Control Page Page Page 15.10 IPMItool Page Page 15.11 Custom Development Kit (CDK) 15.12 Scripts for Managing Slaves Page Appendix A Linux Commands & Source Code Page Page Page Page Page Appendix B Hardware Specifications FEATURE VALUE _____________________________________________________________________ Appendix C Safety & Certifications FCC Warning Statement Appendix F End User License Agreement READ BEFORE USING THE ACCOMPANYING SOFTWARE _____________________________________________________________________ JSch License _____________________________________________________________________ SDT Connect or License 724-746-5500 | blackbox.com Page 281 Page Page Page Page BLACK BOX